Darren Pauli reports: Researchers from the University of Darmstadt say app developers have exposed 56 million credentials by borking login processes using services from Google, Amazon, and Facebook. The research team tested 750,000 Android and iOS applications, examining the way they used the federated identity services to make authentication smooth across different devices. The team…
Category: Of Note
Locker ransomware author dumps database of private keys, apologizes
Wow. Seen on Pastebin last night: Hi, I am the author of the Locker ransomware and I’m very sorry about that has happened. It was never my intention to release this. I uploaded the database to mega.co.nz containing “bitcoin address, public key, private key” as CSV. This is a dump of the complete database and…
Data breach liability: confidentiality vs. privacy
Glynna Christian and Nikki Mondschein of Kaye Scholer LLP provide food for thought for businesses and covered entities when reviewing contracts with IT service providers: IT service providers, particularly cloud service providers, increasingly are resisting unlimited liability for breaches of privacy and data security obligations in their customer agreements. Instead, they offer unlimited liability for breaches of…
Analysis of Yemen Cyber Army data dump
Earlier today, I noted that the Yemen Cyber Army (YCA) had dumped another 1,000,000 records they obtained by hacking the Saudi Ministry of Foreign Affairs. This latest dump is visa data. Here’s a bit of a summary of the newest data: The compressed file is 73.4 MB; uncompressed, it’s one text file of 362 MB….
Yemen Cyber Army dumps visa data from Saudi Ministry of Foreign Affairs
The Yemen Cyber Army (YCA) has released more data from its hack of the Saudi Ministry of Foreign Affairs (previous coverage here and here). Media sources reported after the first disclosure that Riyadh confirmed the internal Internet network attack but disputed the extent of the hack. At this rate, their protestations might want to be walked…
Credit Unions, Trades Sue Home Depot
Peter Strozniak reports: A consolidated class action lawsuit filed in U.S. District Court in Atlanta, Ga. Wednesday listed 37 credit unions, 16 state leagues, CUNA and 11 banks that claimed the 2014 Home Depot data breach caused billions of dollars in fraud losses and more than $150 million in card reissuance costs. Read more on Credit Union…